/// <summary>Sets up the KDC and a set of principals in the JAAS file</summary> /// <exception cref="System.Exception"/> public static void SetupKDCAndPrincipals() { // set up the KDC FilePath target = new FilePath(Runtime.GetProperty("test.dir", "target")); kdcWorkDir = new FilePath(target, "kdc"); kdcWorkDir.Mkdirs(); if (!kdcWorkDir.Mkdirs()) { NUnit.Framework.Assert.IsTrue(kdcWorkDir.IsDirectory()); } kdcConf = MiniKdc.CreateConf(); kdcConf.SetProperty(MiniKdc.Debug, "true"); kdc = new MiniKdc(kdcConf, kdcWorkDir); kdc.Start(); keytab_zk = CreateKeytab(Zookeeper, "zookeeper.keytab"); keytab_alice = CreateKeytab(Alice, "alice.keytab"); keytab_bob = CreateKeytab(Bob, "bob.keytab"); zkServerPrincipal = Shell.Windows ? Zookeeper1270001 : ZookeeperLocalhost; StringBuilder jaas = new StringBuilder(1024); jaas.Append(registrySecurity.CreateJAASEntry(ZookeeperClientContext, Zookeeper, keytab_zk )); jaas.Append(registrySecurity.CreateJAASEntry(ZookeeperServerContext, zkServerPrincipal , keytab_zk)); jaas.Append(registrySecurity.CreateJAASEntry(AliceClientContext, AliceLocalhost, keytab_alice)); jaas.Append(registrySecurity.CreateJAASEntry(BobClientContext, BobLocalhost, keytab_bob )); jaasFile = new FilePath(kdcWorkDir, "jaas.txt"); FileUtils.Write(jaasFile, jaas.ToString()); Log.Info("\n" + jaas); RegistrySecurity.BindJVMtoJAASFile(jaasFile); }
public static void Setup() { try { testMiniKDC = new MiniKdc(MiniKdc.CreateConf(), testRootDir); testMiniKDC.Start(); testMiniKDC.CreatePrincipal(httpSpnegoKeytabFile, HttpUser + "/localhost"); } catch (Exception) { NUnit.Framework.Assert.IsTrue("Couldn't setup MiniKDC", false); } try { testTimelineServer = new ApplicationHistoryServer(); conf = new Configuration(false); conf.SetStrings(TimelineAuthenticationFilterInitializer.Prefix + "type", "kerberos" ); conf.Set(TimelineAuthenticationFilterInitializer.Prefix + KerberosAuthenticationHandler .Principal, httpSpnegoPrincipal); conf.Set(TimelineAuthenticationFilterInitializer.Prefix + KerberosAuthenticationHandler .Keytab, httpSpnegoKeytabFile.GetAbsolutePath()); conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos"); conf.Set(YarnConfiguration.TimelineServicePrincipal, httpSpnegoPrincipal); conf.Set(YarnConfiguration.TimelineServiceKeytab, httpSpnegoKeytabFile.GetAbsolutePath ()); conf.SetBoolean(YarnConfiguration.TimelineServiceEnabled, true); conf.SetClass(YarnConfiguration.TimelineServiceStore, typeof(MemoryTimelineStore) , typeof(TimelineStore)); conf.Set(YarnConfiguration.TimelineServiceAddress, "localhost:10200"); conf.Set(YarnConfiguration.TimelineServiceWebappAddress, "localhost:8188"); conf.Set(YarnConfiguration.TimelineServiceWebappHttpsAddress, "localhost:8190"); conf.Set("hadoop.proxyuser.HTTP.hosts", "*"); conf.Set("hadoop.proxyuser.HTTP.users", FooUser); conf.SetInt(YarnConfiguration.TimelineServiceClientMaxRetries, 1); if (withSsl) { conf.Set(YarnConfiguration.YarnHttpPolicyKey, HttpConfig.Policy.HttpsOnly.ToString ()); FilePath @base = new FilePath(Basedir); FileUtil.FullyDelete(@base); @base.Mkdirs(); keystoresDir = new FilePath(Basedir).GetAbsolutePath(); sslConfDir = KeyStoreTestUtil.GetClasspathDir(typeof(Org.Apache.Hadoop.Yarn.Server.Timeline.Security.TestTimelineAuthenticationFilter )); KeyStoreTestUtil.SetupSSLConfig(keystoresDir, sslConfDir, conf, false); } UserGroupInformation.SetConfiguration(conf); testTimelineServer.Init(conf); testTimelineServer.Start(); } catch (Exception) { NUnit.Framework.Assert.IsTrue("Couldn't setup TimelineServer", false); } }
public static void SetUp() { try { testMiniKDC = new MiniKdc(MiniKdc.CreateConf(), testRootDir); SetupKDC(); } catch (Exception) { NUnit.Framework.Assert.IsTrue("Couldn't create MiniKDC", false); } }
public virtual void StartMiniKdc() { // This setting below is required. If not enabled, UGI will abort // any attempt to loginUserFromKeytab. Configuration conf = new Configuration(); conf.Set(CommonConfigurationKeys.HadoopSecurityAuthentication, "kerberos"); UserGroupInformation.SetConfiguration(conf); workDir = folder.GetRoot(); kdc = new MiniKdc(MiniKdc.CreateConf(), workDir); kdc.Start(); }
/// <exception cref="System.Exception"/> private void TestKerberosDelegationTokenAuthenticator(bool doAs) { string doAsUser = doAs ? OkUser : null; // setting hadoop security to kerberos Configuration conf = new Configuration(); conf.Set("hadoop.security.authentication", "kerberos"); UserGroupInformation.SetConfiguration(conf); FilePath testDir = new FilePath("target/" + UUID.RandomUUID().ToString()); Assert.True(testDir.Mkdirs()); MiniKdc kdc = new MiniKdc(MiniKdc.CreateConf(), testDir); Org.Mortbay.Jetty.Server jetty = CreateJettyServer(); Context context = new Context(); context.SetContextPath("/foo"); jetty.SetHandler(context); context.AddFilter(new FilterHolder(typeof(TestWebDelegationToken.KDTAFilter)), "/*" , 0); context.AddServlet(new ServletHolder(typeof(TestWebDelegationToken.UserServlet)), "/bar"); try { kdc.Start(); FilePath keytabFile = new FilePath(testDir, "test.keytab"); kdc.CreatePrincipal(keytabFile, "client", "HTTP/localhost"); TestWebDelegationToken.KDTAFilter.keytabFile = keytabFile.GetAbsolutePath(); jetty.Start(); DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token (); DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL(); Uri url = new Uri(GetJettyURL() + "/foo/bar"); try { aUrl.GetDelegationToken(url, token, FooUser, doAsUser); NUnit.Framework.Assert.Fail(); } catch (AuthenticationException ex) { Assert.True(ex.Message.Contains("GSSException")); } DoAsKerberosUser("client", keytabFile.GetAbsolutePath(), new _Callable_778(aUrl, url, token, doAs, doAsUser)); } finally { // Make sure the token belongs to the right owner jetty.Stop(); kdc.Stop(); } }
public static void SetUp() { try { testMiniKDC = new MiniKdc(MiniKdc.CreateConf(), testRootDir); SetupKDC(); SetupAndStartRM(); } catch (Exception) { NUnit.Framework.Assert.Fail("Couldn't create MiniKDC"); } }
public static void Init() { baseDir = new FilePath(Runtime.GetProperty("test.build.dir", "target/test-dir"), typeof(TestSecureNNWithQJM).Name); FileUtil.FullyDelete(baseDir); NUnit.Framework.Assert.IsTrue(baseDir.Mkdirs()); Properties kdcConf = MiniKdc.CreateConf(); kdc = new MiniKdc(kdcConf, baseDir); kdc.Start(); baseConf = new HdfsConfiguration(); SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos , baseConf); UserGroupInformation.SetConfiguration(baseConf); NUnit.Framework.Assert.IsTrue("Expected configuration to enable security", UserGroupInformation .IsSecurityEnabled()); string userName = UserGroupInformation.GetLoginUser().GetShortUserName(); FilePath keytabFile = new FilePath(baseDir, userName + ".keytab"); string keytab = keytabFile.GetAbsolutePath(); // Windows will not reverse name lookup "127.0.0.1" to "localhost". string krbInstance = Path.Windows ? "127.0.0.1" : "localhost"; kdc.CreatePrincipal(keytabFile, userName + "/" + krbInstance, "HTTP/" + krbInstance ); string hdfsPrincipal = userName + "/" + krbInstance + "@" + kdc.GetRealm(); string spnegoPrincipal = "HTTP/" + krbInstance + "@" + kdc.GetRealm(); baseConf.Set(DFSConfigKeys.DfsNamenodeKerberosPrincipalKey, hdfsPrincipal); baseConf.Set(DFSConfigKeys.DfsNamenodeKeytabFileKey, keytab); baseConf.Set(DFSConfigKeys.DfsDatanodeKerberosPrincipalKey, hdfsPrincipal); baseConf.Set(DFSConfigKeys.DfsDatanodeKeytabFileKey, keytab); baseConf.Set(DFSConfigKeys.DfsWebAuthenticationKerberosPrincipalKey, spnegoPrincipal ); baseConf.Set(DFSConfigKeys.DfsJournalnodeKeytabFileKey, keytab); baseConf.Set(DFSConfigKeys.DfsJournalnodeKerberosPrincipalKey, hdfsPrincipal); baseConf.Set(DFSConfigKeys.DfsJournalnodeKerberosInternalSpnegoPrincipalKey, spnegoPrincipal ); baseConf.SetBoolean(DFSConfigKeys.DfsBlockAccessTokenEnableKey, true); baseConf.Set(DFSConfigKeys.DfsDataTransferProtectionKey, "authentication"); baseConf.Set(DFSConfigKeys.DfsHttpPolicyKey, HttpConfig.Policy.HttpsOnly.ToString ()); baseConf.Set(DFSConfigKeys.DfsNamenodeHttpsAddressKey, "localhost:0"); baseConf.Set(DFSConfigKeys.DfsDatanodeHttpsAddressKey, "localhost:0"); baseConf.Set(DFSConfigKeys.DfsJournalnodeHttpsAddressKey, "localhost:0"); baseConf.SetInt(CommonConfigurationKeys.IpcClientConnectMaxRetriesOnSaslKey, 10); string keystoresDir = baseDir.GetAbsolutePath(); string sslConfDir = KeyStoreTestUtil.GetClasspathDir(typeof(TestSecureNNWithQJM)); KeyStoreTestUtil.SetupSSLConfig(keystoresDir, sslConfDir, baseConf, false); }
public static void InitKdc() { baseDir = new FilePath(Runtime.GetProperty("test.build.dir", "target/test-dir"), typeof(SaslDataTransferTestCase).Name); FileUtil.FullyDelete(baseDir); NUnit.Framework.Assert.IsTrue(baseDir.Mkdirs()); Properties kdcConf = MiniKdc.CreateConf(); kdc = new MiniKdc(kdcConf, baseDir); kdc.Start(); string userName = UserGroupInformation.GetLoginUser().GetShortUserName(); FilePath keytabFile = new FilePath(baseDir, userName + ".keytab"); keytab = keytabFile.GetAbsolutePath(); kdc.CreatePrincipal(keytabFile, userName + "/localhost", "HTTP/localhost"); hdfsPrincipal = userName + "/localhost@" + kdc.GetRealm(); spnegoPrincipal = "HTTP/localhost@" + kdc.GetRealm(); }